Reputation: 373
How safe is redirect via javascript?
I have developed a Rails app and now I'm trying to improve its security. There are some ajax on it and as I don't have much experience with jQuery and on one of the ajax requests, I have to redirect the user via javascript, is it a good practice? I would like to know if it's safe the implementation below and what is the risk that my app could be suffering too:
success: function(callback) {
if (callback.status == true) {
if (event.target.id == 'radar_occurrences')
window.location.href = '/radar/all'
else
window.location.href = '/radar/list'
}
else {
$("body").before("<p class='error'>Failure message.</p>");
flashError();
}
}
Thanks!
Upvotes: 3
Views: 3804
Answers (1)
Reputation: 51
A common security issue with redirects are "open redirects" where basically an attacker can take advantage of a flaw in your page to get a user redirected to some other site of his/her choice. In your specific case it seems that you don't use any user supplied parameter to define the target URL of the redirect, so you should be safe from this attack.
Upvotes: 1
Related Questions
- jquery: how to handle a redirect
- Using Javascript for redirecting is true or not?
- handle jquery ajax redirect
- Open Redirect vulnerability in javascript/jquery
- Will redirecting before an Ajax call returns cause issues?
- Theoretical - JavaScript link redirection security issue
- Redirect from JavaScript
- JS Code over AJAX with jQuery - is this method safe?
- is it safe to use javascript redirects?
- Javascript based redirect: will it hurt SEO?